Cisco Router Configuration for Home Use

Configure Cisco Router for Home Use
So you bought this great Cisco IOS router for a whopping $50 on eBay or Amazon and would like to put it to work. I do not blame you. Even an ancient model of Cisco router may provide greater flexibility and more options than a standard consumer Netgear or Linksys router. The big question is how you configure your (not-so-) shiny and (not-so-) new Cisco router for use at home. Many features of newer GUI-based routers can be configured from within the browser. With an older Cisco router, we will dive right into the IOS CLI to configure it.

Before we start: in my case this is a Cisco 870 router, but you can use this tutorial to configure most of the older Cisco routers for home use. As you may have guessed, step number one is to make sure you have a console connection to your router. Once you are in, make a note of its interfaces by running:


show ip interface brief

... or as a Cisco engineer would put it:
sh ip int br


In my case the router had 5 interfaces, labeled FastEthernet0, FastEthernet1, FastEthernet2, FastEthernet3 and FastEthernet4. Your hardware may be different; for example, you may have GigabitEthernet1/1 and GigabitEthernet1/2. This matters only because you need to decide which interface takes the network cable from your modem (aka "external") and which interface(s) take the network cable(s) going to your equipment or home hub/switch (aka "internal"). In my case I am using FastEthernet4 for the external connection and FastEthernet0/1/2/3 for internal connections. So without further ado, here is the configuration file.


hostname Router-1
!
no logging console
no logging monitor
! "enable secret" stores the password hashed instead of in clear text
enable secret mypassword
!
no aaa new-model
!
resource policy
!
clock timezone EST -5
clock summer-time EST recurring
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.150
!
! yes, we will be creating a DHCP server and DHCP scope
! on your Cisco router
!
ip dhcp pool my-dhcp-pool
   network 192.168.1.0 255.255.255.0
   dns-server 8.8.8.8
   default-router 192.168.1.1
!
! let us use Google's DNS server for all DNS queries
!
ip name-server 8.8.8.8
!
interface FastEthernet0
 switchport access vlan 10
 no shut
!
! plug your home equipment into the next 3 interfaces
!
interface FastEthernet1
 switchport access vlan 10
 no shut
!
interface FastEthernet2
 switchport access vlan 10
 no shut
!
!
interface FastEthernet3
 switchport access vlan 10
 no shut
!
! this is the configuration of the interface connecting to your ISP
! as you see, it is configured to run a DHCP client
! once you are done configuring, you can check if it works
! by running 'show ip interface brief'
! and confirming that FastEthernet4 obtained a true internet address
!
interface FastEthernet4
 description *** Outside ISP ***
 ip address dhcp
 ip access-group 101 in
 ip nat outside
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable 
!
vlan 10
 name MyHome_VLAN_192.168.1.0/24
!
!
ip nat inside source list 102 interface FastEthernet4 overload
!
interface Vlan 10
 description *** Inside LAN ***
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip classless
!
no ip http server
!
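! Access list 101, applied inbound on FastEthernet4, basically says:
! - do not allow anyone to initiate TCP connections from the outside
!   ("established" matches TCP segments that have ACK or RST set)
! - allow ICMP from the outside, pings included
! - allow all UDP from the outside (this lets DNS replies back in,
!   but it is not limited to them)
! - deny everything else
!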
ip access-list logging interval 10
logging history notifications
access-list 101 permit tcp any any established
access-list 101 permit icmp any any
access-list 101 permit udp any any
access-list 101 deny   ip any any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
!
line con 0
 password MyPassword
 login
line aux 0
line vty 0 4
 password MyPassword
 login
!



If you would like to "punch a hole" in your external access in order to allow a specific protocol from a specific source to a specific destination, you can insert lines similar to these.


! these 3 lines allow telnet and RDP traffic
! from any internet address which begins with 69.1.1.x
! (they must sit above the "deny ip any any" entry of access list 101;
! lines simply added to the end of the list are never reached)
access-list 101 permit tcp 69.1.1.0 0.0.0.255 any eq telnet
access-list 101 permit tcp 69.1.1.0 0.0.0.255 any eq 3389
access-list 101 permit tcp 69.1.1.0 0.0.0.255 any eq 3390
!
! these 3 lines map external requests for telnet
! to internal device 192.168.1.100
! they also allow
! RDP to internal PC 192.168.1.110 on port 3389
! and
! RDP to internal PC 192.168.1.120 on port 3390
!
! only from internet IP addresses beginning with 69.1.1.x
!
ip nat inside source static tcp 192.168.1.100 23 interface FastEthernet4 23
ip nat inside source static tcp 192.168.1.110 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.168.1.120 3390 interface FastEthernet4 3390
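
The top-down, first-match evaluation of access list 101, as an added example that is not part of the original post: this Python code checks a constructed packet against the list with the three "hole" entries appended after the deny and again with them placed before it. The function names, the packet and the address 198.51.100.20 (standing in for the DHCP-assigned outside address) are assumptions made for the illustration.

```python
from ipaddress import ip_address

def parse(line):
    """Parse 'access-list N permit|deny proto src dst [eq port] [established]'."""
    t = line.split()[2:]  # drop 'access-list N'
    rule = {"action": t[0], "proto": t[1], "port": None, "est": "established" in t}
    i = 2
    for side in ("src", "dst"):
        if t[i] == "any":
            rule[side], i = (0, 0xFFFFFFFF), i + 1  # wildcard 1-bits mean "don't care"
        else:
            rule[side], i = tuple(int(ip_address(a)) for a in t[i:i + 2]), i + 2
    if "eq" in t[i:]:
        port = t[t.index("eq") + 1]
        rule["port"] = 23 if port == "telnet" else int(port)  # only keyword used here
    return rule

def hit(rule, pkt):
    def addr_ok(spec, ip):
        return (int(ip_address(ip)) | spec[1]) == (spec[0] | spec[1])
    return (rule["proto"] in ("ip", pkt["proto"])
            and addr_ok(rule["src"], pkt["src"]) and addr_ok(rule["dst"], pkt["dst"])
            and rule["port"] in (None, pkt.get("dport"))
            # 'established' inspects only the ACK/RST bits of this one segment
            and (not rule["est"] or bool({"ACK", "RST"} & set(pkt.get("flags", ())))))

def first_match(acl, pkt):
    """Return (entry number, action) of the first hit; an ACL ends in an implicit deny."""
    for n, rule in enumerate(map(parse, acl), 1):
        if hit(rule, pkt):
            return n, rule["action"]
    return None, "deny"

ACL_101 = [  # entries as in the configuration above
    "access-list 101 permit tcp any any established",
    "access-list 101 permit icmp any any",
    "access-list 101 permit udp any any",
    "access-list 101 deny   ip any any",
]
HOLES = ["access-list 101 permit tcp 69.1.1.0 0.0.0.255 any eq " + p
         for p in ("telnet", "3389", "3390")]
APPENDED = ACL_101 + HOLES                     # typed in after the deny
REORDERED = ACL_101[:3] + HOLES + ACL_101[3:]  # placed before the deny
RDP_SYN = {"proto": "tcp", "src": "69.1.1.7", "dport": 3389, "flags": ["SYN"],
           "dst": "198.51.100.20"}  # constructed packet, sample addresses

if __name__ == "__main__":
    print(first_match(APPENDED, RDP_SYN), first_match(REORDERED, RDP_SYN))
```

Appended, the RDP packet from 69.1.1.7 still stops at entry 4 (the deny); with the entries placed before the deny it is permitted by entry 5.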



Just a reminder: in a Cisco configuration file, anything preceded by a '!' is ignored, which is how comments are written. I hope you enjoyed your journey into the world of 20-year-old Cisco routers. Enjoy and stay tuned!